
Changeset 6643


Timestamp:
01/22/08 19:35:19 (6 years ago)
Author:
ryan
Message:

Refactor login. see #5405

Location:
trunk
Files:
4 edited

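--- a/trunk/wp-includes/pluggable.php
+++ b/trunk/wp-includes/pluggable.php
@@ -414,48 +414,29 @@
 endif;
 
-if ( !function_exists('wp_login') ) :
-/**
- * wp_login() - Checks a users login information and logs them in if it checks out
- *
- * Use the global $error to get the reason why the login failed.
- * If the username is blank, no error will be set, so assume
- * blank username on that case.
- *
- * Plugins extending this function should also provide the global
- * $error and set what the error is, so that those checking the
- * global for why there was a failure can utilize it later.
- *
- * @since 1.2.2
- * @global string $error Error when false is returned
+/**
+ * wp_authenticate() - Checks a user's login information and logs them in if it checks out
+ * @since 2.5
  *
  * @param string $username User's username
  * @param string $password User's password
- * @param bool $deprecated Not used
- * @return bool False on login failure, true on successful check
- */
-function wp_login($username, $password, $deprecated = '') {
-    global $error;
-
+ * @return WP_Error|WP_User WP_User object if login successful, otherwise WP_Error object.
+ */
+if ( !function_exists('wp_authenticate') ) :
+function wp_authenticate($username, $password) {
     $username = sanitize_user($username);
 
     if ( '' == $username )
-        return false;
-
-    if ( '' == $password ) {
-        $error = __('<strong>ERROR</strong>: The password field is empty.');
-        return false;
-    }
+        return new WP_Error('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
+
+    if ( '' == $password )
+        return new WP_Error('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
 
     $user = get_userdatabylogin($username);
 
-    if ( !$user || ($user->user_login != $username) ) {
-        $error = __('<strong>ERROR</strong>: Invalid username.');
-        return false;
-    }
-
-    if ( !wp_check_password($password, $user->user_pass) ) {
-        $error = __('<strong>ERROR</strong>: Incorrect password.');
-        return false;
-    }
+    if ( !$user || ($user->user_login != $username) )
+        return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.'));
+
+    if ( !wp_check_password($password, $user->user_pass) )
+        return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.'));
 
     // If using old md5 password, rehash.
@@ -463,5 +444,17 @@
         wp_set_password($password, $user->ID);
 
-    return true;
+    return new WP_User($user->ID);
+}
+endif;
+
+/**
+ * wp_logout() - Log the current user out
+ * @since 2.5
+ *
+ */
+if ( !function_exists('wp_logout') ) :
+function wp_logout() {
+    wp_clear_auth_cookie();
+    do_action('wp_logout');
 }
 endif;
@@ -1226,3 +1219,37 @@
 endif;
 
+if ( !function_exists('wp_login') ) :
+/**
+ * wp_login() - Checks a users login information and logs them in if it checks out
+ *
+ * Use the global $error to get the reason why the login failed.
+ * If the username is blank, no error will be set, so assume
+ * blank username on that case.
+ *
+ * Plugins extending this function should also provide the global
+ * $error and set what the error is, so that those checking the
+ * global for why there was a failure can utilize it later.
+ *
+ * @since 1.2.2
+ * @deprecated Use wp_signin()
+ * @global string $error Error when false is returned
+ *
+ * @param string $username User's username
+ * @param string $password User's password
+ * @param bool $deprecated Not used
+ * @return bool False on login failure, true on successful check
+ */
+function wp_login($username, $password, $deprecated = '') {
+    global $error;
+
+    $user = wp_authenticate($username, $password);
+
+    if ( ! is_wp_error($user) )
+        return true;
+
+    $error = $user->get_error_message();
+    return false;
+}
+endif;
+
 ?>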
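--- a/trunk/wp-includes/post.php
+++ b/trunk/wp-includes/post.php
@@ -1063,5 +1063,5 @@
     }
 
-    if ( $update ) {
+    if ( $update || '0000-00-00 00:00:00' == $post_date ) {
         $post_modified     = current_time( 'mysql' );
         $post_modified_gmt = current_time( 'mysql', 1 );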
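--- a/trunk/wp-includes/user.php
+++ b/trunk/wp-includes/user.php
@@ -1,3 +1,56 @@
 <?php
+
+function wp_signon( $credentials = '' ) {
+    if ( empty($credentials) ) {
+        if ( ! empty($_POST['log']) )
+            $credentials['user_login'] = $_POST['log'];
+        if ( ! empty($_POST['pwd']) )
+            $credentials['user_password'] = $_POST['pwd'];
+        if ( ! empty($_POST['rememberme']) )
+            $credentials['remember'] = $_POST['rememberme'];
+    }
+
+    if ( !empty($credentials['user_login']) )
+        $credentials['user_login'] = sanitize_user($credentials['user_login']);
+    if ( !empty($credentials['user_password']) )
+        $credentials['user_password'] = trim($credentials['user_password']);
+    if ( !empty($credentials['remember']) )
+        $credentials['remember'] = true;
+    else
+        $credentials['remember'] = false;
+
+    // If no credential info provided, check cookie.
+    if ( empty($credentials['user_login']) && empty($credentials['user_password']) ) {
+            $user = wp_validate_auth_cookie();
+            if ( $user ) 
+                return new WP_User($user);
+
+            if ( !empty($_COOKIE[AUTH_COOKIE]) )
+                return new WP_Error('expired_session', __('Your session has expired.'));
+
+            // If the cookie is not set, be silent.
+            return new WP_Error();
+    }
+
+    if ( empty($credentials['user_login']) || empty($credentials['user_password']) ) {
+        $error = new WP_Error();
+
+        if ( empty($credentials['user_login']) )
+            $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
+        if ( empty($credentials['user_password']) )
+            $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
+        return $error;
+    }
+
+    do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));
+
+    $user = wp_authenticate($credentials['user_login'], $credentials['user_password']);
+    if ( is_wp_error($user) )
+        return $user;
+
+    wp_set_auth_cookie($user->ID);
+    do_action('wp_login', $credentials['user_login']);
+    return $user;
+}
 
 function get_profile($field, $user = false) {
@@ -16,6 +69,9 @@
 // TODO: xmlrpc only.  Maybe move to xmlrpc.php.
 function user_pass_ok($user_login,$user_pass) {
-    $userdata = get_userdatabylogin($user_login);
-    return wp_check_password($user_pass, $userdata->user_pass);
+    $user = wp_authenticate($user_login, $user_pass);
+    if ( is_wp_error($user) )
+        return false;
+
+    return true;
 }
 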
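Review bot: wp_signon() normalises `$credentials['remember']` to a boolean but never uses it: the cookie is set with `wp_set_auth_cookie($user->ID);`, whereas the wp-login.php code this replaces called `wp_set_auth_cookie($user->ID, $rememberme);`. As written the "remember me" choice is silently dropped; passing it through, `wp_set_auth_cookie($user->ID, $credentials['remember']);`, keeps the previous behaviour. Separately, `trim()` on `user_password` alters the submitted secret before it is checked, so a password with leading or trailing whitespace would no longer match what was stored; comparing the password exactly as submitted avoids that. wp_signon() also has no docblock, and one describing the `$credentials` keys (`user_login`, `user_password`, `remember`) and the WP_User|WP_Error return would help plugin authors.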
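--- a/trunk/wp-login.php
+++ b/trunk/wp-login.php
@@ -2,32 +2,10 @@
 require( dirname(__FILE__) . '/wp-config.php' );
 
-$action = $_REQUEST['action'];
-$errors = array();
-
-if ( isset($_GET['key']) )
-    $action = 'resetpass';
-
-nocache_headers();
-
-header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset'));
-
-if ( defined('RELOCATE') ) { // Move flag is set
-    if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
-        $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
-
-    $schema = ( isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ) ? 'https://' : 'http://';
-    if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') )
-        update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) );
-}
-
-//Set a cookie now to see if they are supported by the browser.
-setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
-if ( SITECOOKIEPATH != COOKIEPATH )
-    setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
-
 // Rather than duplicating this HTML all over the place, we'll stick it in function
-function login_header($title = 'Login', $message = '') {
-    global $errors, $error;
-
+function login_header($title = 'Login', $message = '', $wp_error = '') {
+    global $error;
+
+    if ( empty($wp_error) )
+        $wp_error = new WP_Error();
     ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -51,20 +29,173 @@
     if ( !empty( $message ) ) echo apply_filters('login_message', $message) . "\n";
 
-    // Incase a plugin uses $error rather than the $errors array
+    // Incase a plugin uses $error rather than the $errors object
     if ( !empty( $error ) ) {
-        $errors['error'] = $error;
+        $wp_error->add('error', $error);
         unset($error);
     }
 
-    if ( !empty( $errors ) ) {
-        if ( is_array( $errors ) ) {
-            $newerrors = "\n";
-            foreach ( $errors as $error ) $newerrors .= '   ' . $error . "<br />\n";
-            $errors = $newerrors;
-        }
+    if ( $wp_error->get_error_code() ) {
+        $errors = "\n";
+        foreach ( $wp_error->get_error_messages() as $error )
+            $errors .= '    ' . $error . "<br />\n";
 
         echo '<div id="login_error">' . apply_filters('login_errors', $errors) . "</div>\n";
     }
 } // End of login_header()
+
+function retrieve_password() {
+    global $wpdb;
+
+    $errors = new WP_Error();
+
+    if ( empty( $_POST['user_login'] ) && empty( $_POST['user_email'] ) )
+        $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.'));
+
+    if ( strstr($_POST['user_login'], '@') ) {
+        $user_data = get_user_by_email(trim($_POST['user_login']));
+        if ( empty($user_data) )
+            $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
+    } else {
+        $login = trim($_POST['user_login']);
+        $user_data = get_userdatabylogin($login);
+    }
+
+    do_action('lostpassword_post');
+
+    if ( $errors->get_error_code() )
+        return $errors;
+    
+    if ( !$user_data ) {
+        $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.'));
+        return $errors;
+    }
+
+    // redefining user_login ensures we return the right case in the email
+    $user_login = $user_data->user_login;
+    $user_email = $user_data->user_email;
+
+    do_action('retreive_password', $user_login);  // Misspelled and deprecated
+    do_action('retrieve_password', $user_login);
+
+    // Generate something random for a key...
+    $key = wp_generate_password();
+    // Now insert the new md5 key into the db
+    $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'");
+    $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
+    $message .= get_option('siteurl') . "\r\n\r\n";
+    $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
+    $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
+    $message .= get_option('siteurl') . "/wp-login.php?action=rp&key=$key\r\n";
+
+    if ( !wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_option('blogname')), $message) )
+        die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
+
+    return true;
+}
+
+function reset_password($key) {
+    global $wpdb;
+
+    $key = preg_replace('/[^a-z0-9]/i', '', $key);
+
+    if ( empty( $key ) )
+        return new WP_Error('invalid_key', __('Invalid key'));
+
+    $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");
+    if ( empty( $user ) )
+        return new WP_Error('invalid_key', __('Invalid key'));
+
+    do_action('password_reset');
+
+    // Generate something random for a password...
+    $new_pass = wp_generate_password();
+    wp_set_password($new_pass, $user->ID);
+    $message  = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
+    $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
+    $message .= get_option('siteurl') . "/wp-login.php\r\n";
+
+    if (  !wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_option('blogname')), $message) )
+        die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
+
+    // send a copy of password change notification to the admin
+    // but check to see if it's the admin whose password we're changing, and skip this
+    if ( $user->user_email != get_option('admin_email') ) {
+        $message = sprintf(__('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n";
+        wp_mail(get_option('admin_email'), sprintf(__('[%s] Password Lost/Changed'), get_option('blogname')), $message);
+    }
+
+    return true;
+}
+
+function register_new_user($user_login, $user_email) {
+    $errors = new WP_Error();
+
+    $user_login = sanitize_user( $user_login );
+    $user_email = apply_filters( 'user_registration_email', $user_email );
+
+    // Check the username
+    if ( $user_login == '' )
+        $errors->add('empty_username', __('<strong>ERROR</strong>: Please enter a username.'));
+    elseif ( !validate_username( $user_login ) ) {
+        $errors->add('invalid_username', __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.'));
+        $user_login = '';
+    } elseif ( username_exists( $user_login ) )
+        $errors->add('username_exists', __('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
+
+    // Check the e-mail address
+    if ($user_email == '') {
+        $errors->add('empty_email', __('<strong>ERROR</strong>: Please type your e-mail address.'));
+    } elseif ( !is_email( $user_email ) ) {
+        $errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn&#8217;t correct.'));
+        $user_email = '';
+    } elseif ( email_exists( $user_email ) )
+        $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'));
+
+    do_action('register_post');
+
+    $errors = apply_filters( 'registration_errors', $errors );
+
+    if ( $errors->get_error_code() )
+        return $errors;
+
+    $user_pass = wp_generate_password();
+    $user_id = wp_create_user( $user_login, $user_pass, $user_email );
+    if ( !$user_id ) {
+        $errors->add('registerfail', sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_option('admin_email')));
+        return $errors;
+    }
+
+    wp_new_user_notification($user_id, $user_pass);
+
+    return $user_id;
+}
+
+// 
+// Main
+//
+
+$action = $_REQUEST['action'];
+$errors = new WP_Error();
+
+if ( isset($_GET['key']) )
+    $action = 'resetpass';
+
+nocache_headers();
+
+header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset'));
+
+if ( defined('RELOCATE') ) { // Move flag is set
+    if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
+        $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
+
+    $schema = ( isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ) ? 'https://' : 'http://';
+    if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') )
+        update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) );
+}
+
+//Set a cookie now to see if they are supported by the browser.
+setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
+if ( SITECOOKIEPATH != COOKIEPATH )
+    setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
 
 $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
@@ -73,6 +204,5 @@
 case 'logout' :
 
-    wp_clearcookie();
-    do_action('wp_logout');
+    wp_logout();
 
     $redirect_to = 'wp-login.php?loggedout=true';
@@ -87,61 +217,22 @@
 case 'lostpassword' :
 case 'retrievepassword' :
-    $user_login = '';
-    $user_pass = '';
-
     if ( $http_post ) {
-        if ( empty( $_POST['user_login'] ) )
-            $errors['user_login'] = __('<strong>ERROR</strong>: The username field is empty.');
-        if ( empty( $_POST['user_email'] ) )
-            $errors['user_email'] = __('<strong>ERROR</strong>: The e-mail field is empty.');
-
-        do_action('lostpassword_post');
-
-        if ( empty( $errors ) ) {
-            $user_data = get_userdatabylogin(trim($_POST['user_login']));
-            // redefining user_login ensures we return the right case in the email
-            $user_login = $user_data->user_login;
-            $user_email = $user_data->user_email;
-
-            if (!$user_email || $user_email != $_POST['user_email']) {
-                $errors['invalidcombo'] = __('<strong>ERROR</strong>: Invalid username / e-mail combination.');
-            } else {
-                do_action('retreive_password', $user_login);  // Misspelled and deprecated
-                do_action('retrieve_password', $user_login);
-
-                // Generate something random for a key...
-                $key = substr( md5( uniqid( microtime() ) ), 0, 8);
-                // Now insert the new md5 key into the db
-                $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'");
-                $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
-                $message .= get_option('siteurl') . "\r\n\r\n";
-                $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
-                $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
-                $message .= get_option('siteurl') . "/wp-login.php?action=rp&key=$key\r\n";
-
-                if (FALSE == wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_option('blogname')), $message)) {
-                    die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
-                } else {
-                    wp_redirect('wp-login.php?checkemail=confirm');
-                    exit();
-                }
-            }
+        $errors = retrieve_password();
+        if ( !is_wp_error($errors) ) {
+            wp_redirect('wp-login.php?checkemail=confirm');
+            exit();
         }
     }
 
-    if ( 'invalidkey' == $_GET['error'] ) $errors['invalidkey'] = __('Sorry, that key does not appear to be valid.');
+    if ( 'invalidkey' == $_GET['error'] ) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.'));
 
     do_action('lost_password');
-    login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username and e-mail address. You will receive a new password via e-mail.') . '</p>');
+    login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or e-mail address. You will receive a new password via e-mail.') . '</p>', $errors);
 ?>
 
 <form name="lostpasswordform" id="lostpasswordform" action="wp-login.php?action=lostpassword" method="post">
     <p>
-        <label><?php _e('Username') ?><br />
+        <label><?php _e('Username or E-mail:') ?><br />
         <input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($_POST['user_login'])); ?>" size="20" tabindex="10" /></label>
-    </p>
-    <p>
-        <label><?php _e('E-mail') ?><br />
-        <input type="text" name="user_email" id="user_email" class="input" value="<?php echo attribute_escape(stripslashes($_POST['user_email'])); ?>" size="25" tabindex="20" /></label>
     </p>
 <?php do_action('lostpassword_form'); ?>
@@ -170,90 +261,37 @@
 case 'resetpass' :
 case 'rp' :
-    $key = preg_replace('/[^a-z0-9]/i', '', $_GET['key']);
-    if ( empty( $key ) ) {
-        wp_redirect('wp-login.php?action=lostpassword&error=invalidkey');
-        exit();
-    }
-
-    $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");
-    if ( empty( $user ) ) {
-        wp_redirect('wp-login.php?action=lostpassword&error=invalidkey');
-        exit();
-    }
-
-    do_action('password_reset');
-
-    // Generate something random for a password...
-    $new_pass = wp_generate_password();
-    wp_set_password($new_pass, $user->ID);
-    $message  = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
-    $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
-    $message .= get_option('siteurl') . "/wp-login.php\r\n";
-
-    if (FALSE == wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_option('blogname')), $message)) {
-        die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
-    } else {
-        // send a copy of password change notification to the admin
-        // but check to see if it's the admin whose password we're changing, and skip this
-        if ($user->user_email != get_option('admin_email')) {
-            $message = sprintf(__('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n";
-            wp_mail(get_option('admin_email'), sprintf(__('[%s] Password Lost/Changed'), get_option('blogname')), $message);
-        }
-
+    $errors = reset_password($_GET['key']);
+
+    if ( ! is_wp_error($errors) ) {
         wp_redirect('wp-login.php?checkemail=newpass');
         exit();
     }
+
+    wp_redirect('wp-login.php?action=lostpassword&error=invalidkey');
+    exit();
+
 break;
 
 case 'register' :
-    if ( FALSE == get_option('users_can_register') ) {
+    if ( !get_option('users_can_register') ) {
         wp_redirect('wp-login.php?registration=disabled');
         exit();
     }
 
+    $user_login = '';
+    $user_email = '';
     if ( $http_post ) {
         require_once( ABSPATH . WPINC . '/registration.php');
 
-        $user_login = sanitize_user( $_POST['user_login'] );
-        $user_email = apply_filters( 'user_registration_email', $_POST['user_email'] );
-
-        // Check the username
-        if ( $user_login == '' )
-            $errors['user_login'] = __('<strong>ERROR</strong>: Please enter a username.');
-        elseif ( !validate_username( $user_login ) ) {
-            $errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.');
-            $user_login = '';
-        } elseif ( username_exists( $user_login ) )
-            $errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.');
-
-        // Check the e-mail address
-        if ($user_email == '') {
-            $errors['user_email'] = __('<strong>ERROR</strong>: Please type your e-mail address.');
-        } elseif ( !is_email( $user_email ) ) {
-            $errors['user_email'] = __('<strong>ERROR</strong>: The email address isn&#8217;t correct.');
-            $user_email = '';
-        } elseif ( email_exists( $user_email ) )
-            $errors['user_email'] = __('<strong>ERROR</strong>: This email is already registered, please choose another one.');
-
-        do_action('register_post');
-
-        $errors = apply_filters( 'registration_errors', $errors );
-
-        if ( empty( $errors ) ) {
-            $user_pass = wp_generate_password();
-
-            $user_id = wp_create_user( $user_login, $user_pass, $user_email );
-            if ( !$user_id )
-                $errors['registerfail'] = sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_option('admin_email'));
-            else {
-                wp_new_user_notification($user_id, $user_pass);
-
-                wp_redirect('wp-login.php?checkemail=registered');
-                exit();
-            }
+        $user_login = $_POST['user_login'];
+        $user_email = $_POST['user_email'];
+        $errors = register_new_user($user_login, $user_email);
+        if ( !is_wp_error($errors) ) {
+            wp_redirect('wp-login.php?checkemail=registered');
+            exit();
         }
     }
 
-    login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>');
+    login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
 ?>
 
@@ -289,7 +327,4 @@
 case 'login' :
 default:
-    $user_login = '';
-    $user_pass = '';
-
     if ( !isset( $_REQUEST['redirect_to'] ) || is_user_logged_in() )
         $redirect_to = 'wp-admin/';
@@ -297,59 +332,31 @@
         $redirect_to = $_REQUEST['redirect_to'];
 
-    if ( $http_post ) {
-        // If cookies are disabled we can't log in even with a valid user+pass
-        if ( empty($_COOKIE[TEST_COOKIE]) )
-            $errors['test_cookie'] = __('<strong>ERROR</strong>: WordPress requires Cookies but your browser does not support them or they are blocked.');
-        
-        $user_login = $_POST['log'];
-        $user_login = sanitize_user( $user_login );
-        $user_pass  = $_POST['pwd'];
-        $rememberme = $_POST['rememberme'];
-
-        do_action_ref_array('wp_authenticate', array(&$user_login, &$user_pass));
-    } else {
-        $user = wp_validate_auth_cookie();
-        if ( !$user ) {
-            if ( empty($_GET['loggedout']) && !empty($_COOKIE[AUTH_COOKIE]) )
-                $errors['expiredsession'] = __('Your session has expired.');
-        } else {
-            $user = new WP_User($user);
-
-            // If the user can't edit posts, send them to their profile.
-            if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) )
-                $redirect_to = get_option('siteurl') . '/wp-admin/profile.php';
-            wp_safe_redirect($redirect_to);
-            exit();
-        }
-    }
-
-    if ( $user_login && $user_pass && empty( $errors ) ) {
-        $user = new WP_User(0, $user_login);
-
+    $user = wp_signon();
+
+    if ( !is_wp_error($user) ) {
         // If the user can't edit posts, send them to their profile.
         if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) )
-            $redirect_to = get_option('siteurl') . '/wp-admin/profile.php';
-
-        if ( wp_login($user_login, $user_pass) ) {
-            wp_set_auth_cookie($user->ID, $rememberme);
-            do_action('wp_login', $user_login);
-            wp_safe_redirect($redirect_to);
-            exit();
-        }
-    }
-
-    if ( $http_post && empty( $user_login ) )
-        $errors['user_login'] = __('<strong>ERROR</strong>: The username field is empty.');
-    if ( $http_post && empty( $user_pass ) )
-        $errors['user_pass'] = __('<strong>ERROR</strong>: The password field is empty.');
+            $redirect_to = get_option('siteurl') . '/wp-admin/profile.php'; 
+        wp_safe_redirect($redirect_to);
+        exit();
+    }
+    
+    $errors = $user;
+    // Clear errors if loggedout is set.
+    if ( !empty($_GET['loggedout']) )
+        $errors = new WP_Error();
+
+    // If cookies are disabled we can't log in even with a valid user+pass
+    if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
+        $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
 
     // Some parts of this script use the main login form to display a message
-    if      ( TRUE == $_GET['loggedout'] )          $errors['loggedout']        = __('You are now logged out.');
-    elseif  ( 'disabled' == $_GET['registration'] ) $errors['registerdiabled']  = __('User registration is currently not allowed.');
-    elseif  ( 'confirm' == $_GET['checkemail'] )    $errors['confirm']          = __('Check your e-mail for the confirmation link.');
-    elseif  ( 'newpass' == $_GET['checkemail'] )    $errors['newpass']          = __('Check your e-mail for your new password.');
-    elseif  ( 'registered' == $_GET['checkemail'] ) $errors['registered']       = __('Registration complete. Please check your e-mail.');
-
-    login_header(__('Login'));
+    if      ( TRUE == $_GET['loggedout'] )          $errors->add('loggedout', __('You are now logged out.'));
+    elseif  ( 'disabled' == $_GET['registration'] ) $errors->add('registerdiabled', __('User registration is currently not allowed.'));
+    elseif  ( 'confirm' == $_GET['checkemail'] )    $errors->add('confirm', __('Check your e-mail for the confirmation link.'));
+    elseif  ( 'newpass' == $_GET['checkemail'] )    $errors->add('newpass', __('Check your e-mail for your new password.'));
+    elseif  ( 'registered' == $_GET['checkemail'] ) $errors->add('registered', __('Registration complete. Please check your e-mail.'));
+
+    login_header(__('Login'), '', $errors);
 ?>
 
@@ -369,4 +376,5 @@
         <input type="submit" name="wp-submit" id="wp-submit" value="<?php _e('Log in'); ?> &raquo;" tabindex="100" />
         <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($redirect_to); ?>" />
+        <input type="hidden" name="testcookie" value="1" />
   <div><br clear="all" /></div>
     </p>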
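Review bot: retrieve_password() now stores the output of `wp_generate_password()` as the reset key and interpolates it into the UPDATE string, while reset_password() strips every character outside `[a-z0-9]` from the submitted key before looking it up. The removed code produced a hex-only key (`substr( md5( uniqid( microtime() ) ), 0, 8)`), so the stored and submitted forms always agreed; whether they still do depends on wp_generate_password()'s alphabet, which is not visible in this changeset. I would either generate a key that is guaranteed alphanumeric or drop the stripping, and bind the values rather than interpolate them: `$wpdb->query($wpdb->prepare("UPDATE $wpdb->users SET user_activation_key = %s WHERE user_login = %s", $key, $user_login));`, with the same treatment for the SELECT in reset_password(). The carried-over comment `// Now insert the new md5 key into the db` is also stale now that the key is no longer an md5 digest.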